Gabriel Torres (MIT Lincoln Laboratory, Secure Resilient Systems & Technology, Lexington, MA), Raymond Govotski (MIT Lincoln Laboratory, Secure Resilient Systems & Technology, Lexington, MA), Samuel Jero (MIT Lincoln Laboratory, Secure Resilient Systems & Technology, Lexington, MA), Gruia-Catalin Roman (University of New Mexico, Department of Computer Science), Joseph “Dan” Trujillo (Air Force Research Laboratory, Space Vehicles Directorate), Richard Skowyra (MIT Lincoln Laboratory, Secure Resilient Systems & Technology, Lexington, MA), Samuel Mergendahl (MIT Lincoln Laboratory, Secure Resilient Systems & Technology, Lexington, MA)
As space systems increasingly leverage commercialoff- the-shelf (COTS) technology to reduce mission cost and facilitate faster deployment timelines, satellite systems must also consider the cybersecurity achievable from the commercially available technology prior to adoption. In this work, we explore the challenges and trade-offs in applying COTS technology for satellite systems. In particular, we introduce a generic, high-level architecture for secure, resilient boot and update typically required to achieve an appropriate cybersecurity posture onboard a satellite. Moreover, we explore the challenges we encountered when instantiating this architecture on three generations of COTS technology. Namely, we find that COTS systems often provide secure, resilient boot and update capabilities, but the cost benefits of COTS technology often come with inflexibility which leads space system architects to choose between either limited suitability of COTS deployment for their specific space mission needs or expensive extensions to the COTS platform.